Nix Flakes - Public Room Timeline

	Nix Flakes	893 Members
		179 Servers

Load older messages

Sender	Message	Time
27 Sep 2021
zrsk	In reply to @balsoft:balsoft.ru `nix cli 2` is the experimental `nix-command` feature, I suppose Ahhh, thank you	15:46:41
zrsk	In reply to @balsoft:balsoft.ru { config, pkgs, lib, inputs, ... }: { vault-secrets.secrets.update-daemon = { secretsAreBase64 = true; }; services.update-daemon = { enable = true; secretFile = "${config.vault-secrets.secrets.update-daemon}/environment"; agentSetup = '' export PATH="$PATH":${lib.makeBinPath [ pkgs.openssh ]} if [[ -z "''${SSH_AGENT_PID:-}" ]] ; then echo "Starting an ephemeral ssh-agent" >&2; eval "$(ssh-agent -s)" fi cat ${config.vault-secrets.secrets.update-daemon}/private_ssh_key \| env SSH_ASKPASS="$(command -v false)" ssh-add - ''; repos = { github = { serokell = { gemini-infra = {}; pegasus-infra = {}; }; }; }; settings = { author.email = "operations@serokell.io"; extra_body = "CC @serokell/operations"; }; }; } Thank you! I'll try it soon	15:48:20
zrsk	A curiosity: could you send me an example of PR that this process generates, please?	15:49:54
zrsk	I mean the Github link	15:50:05
balsoft	Uh, it's quite... Noisy at the moment	15:50:05
balsoft	I'm working on it right now	15:50:08
zrsk	What you mean with noisy?	15:50:33
balsoft	https://github.com/serokell/update-daemon/pull/2	15:50:36
balsoft	In reply to @aciceri:nixos.dev What you mean with noisy? It creates a new commit every time it is ran and there are updates for the repository	15:50:49
balsoft	Which seemed like a good idea at the time of writing, but turned out not to be	15:51:00
balsoft	The idea was that humans could push fixes to the same branch, so that changes related to the update are merged together with the update	15:51:29
balsoft	But unfortunately it just creates a sea of commits, which is rather overwhelming	15:51:47
balsoft	I'm rewriting it to only create one meaningful commit and then stop updating if there are any human changes on the branch, under the assumption that if humans have pushed something they are going to merge rather soon.	15:52:29
balsoft	Also, I'll add error reporting (if it fails to update it should create an issue) and gitlab support some time in the future	15:53:37
balsoft	Currently it has rudimentary "plain git" support, but it can't submit oldschool patches via email or anything like that, it simply pushes changes to a remote branch	15:54:28
zrsk	If I understand correctly, the bot pushes to a branch called `automatic-update` in the same repository, I suppose I have to create it before, right? And the ssh key must be that of the bot user on Github (I've to give it the write permissions in the `automatic-update` branch). However could I use also my ssh key specifying a custom `author.name`? In this case giving permissions wouldn't be necessary since I would have a single GIthub account. However I understand the problem you exposed, I hope you solve it soon, it's a nice project that could be used by many since the increment of people passing to Flake.	16:04:42
balsoft	In reply to @aciceri:nixos.dev If I understand correctly, the bot pushes to a branch called `automatic-update` in the same repository, I suppose I have to create it before, right? And the ssh key must be that of the bot user on Github (I've to give it the write permissions in the `automatic-update` branch). However could I use also my ssh key specifying a custom `author.name`? In this case giving permissions wouldn't be necessary since I would have a single GIthub account. However I understand the problem you exposed, I hope you solve it soon, it's a nice project that could be used by many since the increment of people passing to Flake. The bot will automatically create the update branch if it doesn't exist Yes, the ssh key must have push permission to the repository. You can use `author.name` but that would only affect commits, not the github interface (e.g. the pull requests will still show you as the initiator)	16:07:16
balsoft	The "problem" is not actually a showstopper, more of an annoyance.	16:07:31
balsoft	See for example https://github.com/serokell/pegasus-infra/pull/23	16:07:44
balsoft	Where we just resorted to manually updating in a separate pull request rather than dealing with all the commits	16:08:10
zrsk	`In case any of the flakes fail to update, update-daemon will exit with a non-zero exit code (but still finish updating all the other flakes);` But what does this (from README) mean? It fails only if the strings replacement in `flake.lock` fails or is it also running tests/checks?	16:15:14
balsoft	In reply to @aciceri:nixos.dev `In case any of the flakes fail to update, update-daemon will exit with a non-zero exit code (but still finish updating all the other flakes);` But what does this (from README) mean? It fails only if the strings replacement in `flake.lock` fails or is it also running tests/checks? It fails if some part of the operation fails.	16:39:12
balsoft	It doesn't run any checks, it goes through the usual review process, which includes CI	16:39:34
	yusdacra changed their profile picture.	19:50:47
28 Sep 2021
	anderscs joined the room.	14:23:28
	Astro joined the room.	19:14:09
Dee	hm, running `nix flake metadata` on a dirty Nixpkgs tree takes about 7 seconds, but running it on a clean tree isn't done even after 70 seconds	22:49:29
Dee	I assume this is because with a clean tree it... counts the commits or something?	22:49:40
edrex	balsoft I'm reading some of your nixos-config modules for ideas	22:55:46
edrex	i'm curious about the pass-based secrets management and using envsubst. Have you written about that anywhere (issue threads, design notes or whatnot)?	22:57:50

Show newer messages

Back to Room ListRoom Version: 6